fae9e165bb
This is a version of #63481 for master. Vulnerability Description: daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does. #63301
Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the Hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:
% git remote add channels https://github.com/NixOS/nixpkgs-channels.git
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. nixos-19.03 for the latest
release and nixos-unstable for the latest successful build of master:
% git remote update channels
% git rebase channels/nixos-19.03
For pull requests, please rebase onto nixpkgs master.
NixOS Linux distribution source code is located inside
nixos/ folder.
- NixOS installation instructions
- Documentation (Nix Expression Language chapter)
- Manual (How to write packages for Nix)
- Manual (NixOS)
- Community maintained wiki
- Continuous package builds for unstable/master
- Continuous package builds for 19.03 release
- Tests for unstable/master
- Tests for 19.03 release
Communication:
Note: MIT license does not apply to the packages built by Nixpkgs, merely to the package descriptions (Nix expressions, build scripts, and so on). It also might not apply to patches included in Nixpkgs, which may be derivative works of the packages to which they apply. The aforementioned artifacts are all covered by the licenses of the respective packages.